<?php
//session_start();
//include_once $_SERVER['DOCUMENT_ROOT']."/math-videos/configure.inc.php";
//check if you have curl loaded
//echo $_REQUEST['json'];
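// Run only when the including controller has set $valid_controller to a
// non-false value; otherwise stop before any request data is touched.
if(!isset($valid_controller)||$valid_controller===false)
{
  return;
}
// Defaults used when the request does not supply these statistics.
$rating=0;
$views=0;

// Request fields this script is allowed to import into local variables.
// The previous code assigned *every* JSON key to a variable of the same name
// ($$key), so a caller could overwrite any variable in scope, including
// $conn, $conn2 or $valid_controller. Only the names listed here are read by
// this script. NOTE(review): if the including controller relies on other
// imported names, add them here explicitly rather than re-opening the import.
$allowed_fields = array('username','password','assetID','rating','views','title');

// NOTE(review): $_REQUEST also carries query-string parameters, so the
// credentials inside 'json' can end up in URLs and access logs when the
// client uses GET. Consider accepting this payload from the POST body only.
$raw_json = isset($_REQUEST['json']) ? $_REQUEST['json'] : '';

// A missing, non-string or malformed payload decodes to "no fields" instead of
// raising a warning in foreach; authentication then fails further down
// because no credentials were imported.
$data_string = is_string($raw_json) ? json_decode($raw_json,true) : null;
if(!is_array($data_string))
{
	$data_string = array();
}

foreach($data_string as $key=>$value)
{
	// Strict membership test: numeric keys and unknown names are ignored.
	// Nested arrays are skipped because trim() cannot process them.
	if(!in_array($key,$allowed_fields,true) || is_array($value))
	{
		continue;
	}
	$$key = trim((string)$value);
	if($key==='title')
	{
		$asset_title = $title;
	}
}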
//exit();
// Authenticate the caller: look up the user row whose username and password
// both match the values imported from the request, using bound parameters.
//
// NOTE(review): the submitted password is compared for equality with the
// users.password column inside SQL. Unless sql_escape() transforms the value,
// that means the column holds whatever the client sends (plaintext or a
// client-side digest), so a server-side password_hash()/password_verify()
// scheme cannot be in use on this path. Confirm and plan a migration.
// NOTE(review): sql_escape() is applied on top of parameter binding; if it adds
// escape characters, credentials containing quotes or backslashes will not
// match the stored value. Verify against the helper's definition.
$sqltext = "select id as user_id , institute_id from users  WHERE username=? and password=?";
$params = array(
	sql_escape($username),
	sql_escape($password)
);
$result = db_select_query($conn2,$sqltext,$params);

// Empty strings mean "not authenticated"; the response branch tests $user_id.
$user_id = '';
$institute_id = '';
// If several rows match, the values of the last row fetched are kept.
while($row = db_fetch_array($result))
{
	$user_id = $row['user_id'];
	$institute_id = $row['institute_id'];
}

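if($user_id =='')
{
	// No user row matched the supplied credentials.
	header('HTTP/1.1 401 Authorization Required');
	echo "{\"error\": \"Authorization Required.\"}";
}
else
{
	// Validate the optional JSONP callback before any database work.
	// The previous code echoed $_REQUEST['callback'] verbatim in front of the
	// JSON body, which let a caller place arbitrary markup or script in the
	// response (reflected XSS). Only a dotted JavaScript identifier is
	// accepted; anything else is rejected before the asset is modified.
	$jsonp_callback = null;
	if(isset($_REQUEST['callback']))
	{
		$jsonp_callback = $_REQUEST['callback'];
		if(!is_string($jsonp_callback)
			|| !preg_match('/^[A-Za-z_$][A-Za-z0-9_$]*(?:\.[A-Za-z_$][A-Za-z0-9_$]*)*$/D',$jsonp_callback))
		{
			header('HTTP/1.1 400 Bad Request');
			header('Content-Type: application/json; charset=utf-8');
			echo "{\"error\": \"Invalid callback name.\"}";
			return;
		}
	}

	// Asset to update, as imported from the request payload.
	$id= $assetID;
	$update_flag= false;
	// Authorisation check: the asset must exist and belong to the
	// authenticated user's institute.
	$sqltext="select title from asset WHERE id=? and institute_id = ?";
	$params = array();

	array_push($params,sql_escape($id));
	array_push($params,sql_escape($institute_id));
	$result = db_select_query($conn,$sqltext,$params);
	while($row = db_fetch_object($result))
	{
		// Any returned row with at least one field marks the asset as updatable.
		foreach ($row as $key => $value)
		{
			$update_flag= true;
		}
	}
	if($update_flag)
	{
		// Fingerprint of the submitted statistics, stored with the asset and
		// returned to the caller. It is a plain SHA-1 of the concatenated
		// values, not a keyed or security-relevant digest.
		$statistics_sha1 ='';
		if($rating!='' || $views!='')
		{
			$statistics_sha1 = sha1($rating.$views);
		}

		// NOTE(review): $rating and $views are stored as received (trimmed
		// strings); nothing here checks that they are numeric or in range.
		$params = array();
		$sqltext="UPDATE asset SET ";

		$sqltext .="rating =?";
		array_push($params,sql_escape($rating));

		$sqltext .=",views =?";
		array_push($params,sql_escape($views));

		$sqltext .=",statisticsSHA1 =?";
		array_push($params,sql_escape($statistics_sha1));

		$sqltext .=" WHERE id=?";
		array_push($params,sql_escape($id));
		db_change_query($conn,$sqltext,$params);

		// Audit trail: record who updated which asset and when.
		$sqltext="INSERT INTO api_logs(query,added_date,user_id, institute_id,asset_id) values( ?, ?, ?,?,?)";
		$params = array();
		array_push($params,'Update Statistics');
		array_push($params,date("Y-m-d H:i:s"));
		array_push($params,sql_escape($user_id));
		array_push($params,sql_escape($institute_id));
		array_push($params,sql_escape($id));
		db_change_query($conn,$sqltext,$params);

		// Build the response from scratch so no earlier $result_array leaks in.
		$result_array = array('statisticsSHA1' => $statistics_sha1);
		header('HTTP/1.1 200 OK. Successful update statistics from asset.');
		$result=json_encode($result_array);
		if($jsonp_callback !== null)
		{
			// Declare the body as script so a browser never renders it as HTML.
			header('Content-Type: application/javascript; charset=utf-8');
			echo $jsonp_callback. '(' . $result . ');';
			return;
		}
		header('Content-Type: application/json; charset=utf-8');
		echo $result;
	}
	else
	{
		// Asset missing or owned by another institute. The two cases are
		// deliberately not distinguished in the response.
		// NOTE(review): this status line is not a well-formed HTTP status;
		// PHP appears to take the code from the digits after the first space
		// (404). Confirm what clients actually receive before changing it.
		header('HTTP/1.1 404, 403.Asset Not Found or Insufficient Permissions');
		echo "{\"error\": \"Asset Not Found OR Insufficient Permissions.\"}";
	}

}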
?>